<?php
/**
 * +----------------------------------------------------------------------
 * | [ DO WHAT YOU LOVE AND FUCK THE REST ]
 * +----------------------------------------------------------------------
 * | EMAIL: < 931274989@qq.com >
 * +----------------------------------------------------------------------
 * | WECHAT: xzc016
 * +----------------------------------------------------------------------
 * | 权限中间件
 * +----------------------------------------------------------------------
 */
namespace app\admin\middleware;

use app\admin\model\AuthRule;
use app\admin\model\AuthGroup;
use app\admin\model\AuthGroupAccess;

use think\facade\Session;
use think\facade\Request;

class Permissions
{
  public function handle($request, \Closure $next)
  {
    //获取当前用户
    $admin_id = Session::get('admin.id');
    if (empty($admin_id)) {
      return redirect('/admin/Login/index');
    }

    //定义方法白名单
    $allow = [
      'Index/index',      //首页
      'Main/index',       //首页
      'Common/upload',    //上传文件
      'Common/clear',     //清除缓存

      'Login/index',      //登录页面
      'Login/checkLogin', //校验登录
      'Login/captcha',    //登录验证码
      'Login/logout',     //退出登录
    ];

    //查询所有不验证的方法并放入白名单
    $authOpen = AuthRule::where('type', '=', '0')
      ->select();
    $authRole = AuthRule::select();
    $authOpens = [];
    foreach ($authOpen as $k => $v) {
      //转换方法为小写
      $ruleName = explode('/', $v['name']);
      if (!isset($ruleName[1]) && !empty($ruleName[1])) {
        $ruleName[1] = strtolower($ruleName[1]);
      }
      //转换控制器首字母大写
      $ruleName = trim(implode('/', $ruleName));
      $authOpens[] = ucfirst($ruleName);
      //查询所有下级权限
      $ids = getChildsRule($authRole, $v['id']);
        foreach ($ids as $kk => $vv) {
          //转换方法为小写
          $ruleName = explode('/', $vv['name']);
          if ($ruleName[1]) {
            $ruleName[1] = strtolower($ruleName[1]);
          }
          //转换控制器首字母大写
          $ruleName = trim(implode('/', $ruleName));
          $authOpens[] = ucfirst($ruleName);
        }
    }
    $allow = array_merge($allow, $authOpens);

    //查找当前控制器和方法，控制器首字母大写，方法首字母小写 如：Index/index
    $route = Request::controller() . '/' . lcfirst(Request::action());

    //权限认证
    if (!in_array($route, $allow)) {
      if ($admin_id != 1) {
        //开始认证
        $auth = new \Auth();

        $result = $auth->check($route, $admin_id);
        if (!$result) {
          return error('您无此操作权限!');
        }
      }
    }

    //当url中有ref=tab时表示刷新当前页(用于后台tab模式刷新)
    if (Request::get("ref") == 'tab') {
      //去除url中ref参数
      $url = preg_replace_callback("/([\?|&]+)ref=tab(&?)/i", function ($matches) {
        return $matches[2] == '&' ? $matches[1] : '';
      }, Request::url());

      //重定向隐式传值使用的是Session闪存数据隐式传值，并且仅在下一次请求有效，再次访问重定向地址的时候无效
      return redirect('Index/index')->with('referer', $url);
    }

    //中间件handle方法的返回值必须是一个Response对象。
    return $next($request);
  }


}
